On Wed, Sep 01, 2004 at 11:54:55PM -0400, John A. Sullivan III wrote:
> I think you have confused the issues. Do not put the source match in
> the PREROUTING rule (thus your squid access from the local LAN will not
> break). Do put the source match in the FORWARD rule. That will
> restrict outside access to only 1.2.3.4. I assume there is already a
> FORWARD rule that allows access from the LAN. Hope this helps - John

So, you mean I keep the PREROUTING rule as before and make

-A FORWARD -d 10.10.10.3 -p tcp -m tcp --dport 80 -j ACCEPT

to

-A FORWARD -s 5.6.7.8 -d 10.10.10.3 -p tcp -m tcp --dport 80 -j ACCEPT

But will this not forward requests from my squid proxy server too?

-Payal